header-logo
Suggest Exploit
vendor:
Mozilla Browser
by:
SecurityFocus
3.3
CVSS
MEDIUM
URI Obfuscation Weakness
20
CWE
Product Name: Mozilla Browser
Affected Version From: Mozilla 1.0
Affected Version To: Mozilla 1.0
Patch Exists: NO
Related CWE: N/A
CPE: Mozilla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2002

Mozilla Browser URI Obfuscation Weakness

It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a NULL byte is located after the user value. It is said that, when doing a mouseover of such a URI, it will cause it to only display the contents of the user value, not the entire link. This could be used in conjunction with other URI obfuscation attacks and browser vulnerabilities to trick a user into following a malicious link.

Mitigation:

Ensure that all user input is properly validated and sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9203/info

It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a NULL byte is located after the user value. It is said that, when doing a mouseover of such a URI, it will cause it to only display the contents of the user value, not the entire link.

This could be used in conjunction with other URI obfuscation attacks and browser vulnerabilities to trick a user into following a malicious link. 

http://www.trusted.com%00@www.malicious.com

Navigation

Suggest Exploit

Services By CQR